WebApp Sec mailing list archives

RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability


From: Paul Laudanski <zx () castlecops com>
Date: Wed, 11 Jan 2006 18:51:56 -0500 (EST)

On Wed, 11 Jan 2006, dpw wrote:

> I am surely missing something here. This seems like a pretty involved phish,
> but the initial hook doesn't seem to be baited very well.
>
> Why would anyone think a link that goes to Google would be a legitimate way
> to go to PayPal? Why would this be different than leveraging any redirect
> system? Why is this noteworthy?

You might not fall for this, but I've received my share of emails from 
folks who either have, or who were saved thanks to articles such as these.  
It's all about public awareness.  You think these scammers would be "in 
business" this long for no reason?

-- 
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com


